DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This communication is a Final Office Action in response to Applicant’s amendment filed on March 24, 2026.
Claims 1, 3-19, and 23-26 have been examined in this application. Claims 2, and 20-22 are cancelled.
No new information disclosure statement (IDS) has been filed.
Response to Arguments
Applicant’s arguments, filed 03/24/2026 regarding claim interpretation under 35 U.S.C. 112(f) have been fully considered but are not persuasive. The amendments do not clearly recite that the processor executes the instructions in the memory to cause the claimed limitations to occur. Instead, the claims attempt to add the required structure but recite that the “correspondence generation means [is] in communication with the processor, the correspondence generation means for generating… [and] further for generating a second correspondence…” As a result, the claim amendments have not affected the issue. Interpretation maintained.
Applicant’s arguments, page 7, regarding claim interpretation under 35 U.S.C. 112(a) and 112(b) have been fully considered but are not persuasive. The claims, as a result of reciting that the “correspondence generation means” carries out the claim limitations, still fail to provide support for the structure and link of the structure within the Specification. The “correspondence generation means” is not clearly found in the Specification to be linked to a particular structure. Applicant may amend the claims to include the structure for “correspondence generation means” to try to overcome the rejection. The instant claims simply recite that the “correspondence generation means” is in communication with the processor, which is not the same as the processor being a structure of the “correspondence generation means” or that the processor is the actual structure that carries the claim limitations.
Applicant’s arguments, pages 7-8, regarding claim interpretation under 35 U.S.C. 101 have been fully considered but are not persuasive.
Applicant argues that the claims are directed to a particular technical improvement in identity verification and that the claims scope is not a mental process. Applicant argues that even if an abstract idea is recited, the claims amount to an improvement to a computer through automatic generation and processing of secret codes to verify identity. Applicant argues that the processor performs the steps that otherwise cannot be carried out by a human mind. Applicant also cites case law to try and link the instant claims to said cause law.
The Examiner respectfully disagrees. The claims are not directed to patentable subject matter. The claims try to incorporate Beauregard language to add structure to the claims; however, the claims do not recite that said structure actually carries out the claim limitations. Even if the claims recited the structure as the one carrying out the claim limitations, the claims still amount to an abstract idea without significantly more. Once the claims are determined to be directed to an abstract idea, the claims are analyzed to determine if they fall within one of the three abstract idea groupings and then finally whether they include additional elements that would amount to a practical application. The abstract idea is characterized under mental processes and under certain methods of organizing human activity. With regard to mental processes, the claims capture concepts that can be carried out using a human mind and pen-and-paper, including observation, evaluation, judgment and opinion. With regard to certain methods of organizing human activity, the claims capture commercial interactions including business relations. The provisioning of data to authenticate a user via a financial institution captures the above concepts. As the Specification discloses, the concept of user validation via the financial institution and an account holder provides higher financial security, which is a business relation between the institution and the account holder. Likewise, and contrary to Applicant’s arguments, all the limitations can be carried out between humans. The additional elements in the claims include the computer-implemented correspondence identity verification system, machine-generated secret codes, processor, and a code database. These additional elements are recited at a high level of generality, amounting to mere generic computers/devices used to automate the abstract idea and carry out generic computer functions such as sending/receiving data and generating data. Contrary to Applicant’s arguments, the claims fail to produce a technical improvement of the processor or device nor do they provide a technical solution to a technical problem of field. Each of the additional elements / limitations are no more than mere instructions to apply the exception using generic computer components or a generic device. Accordingly, even in combination, the additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Furthermore, the abstract idea is simply linked to a particular technological environment or field of use; MPEP 2106.05(h). Arguably, the claims amounts to merely adding insignificant extra-solution activity to the abstract idea; MPEP 2106.05(g).
The case law argued was not the basis of the rejection and does not relate at all to the instant claims. Therefore, the arguments directed to the case law are moot.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements amount to merely instructions to apply the exception using generic computer components. The claim limitations do not improve another technology or technical field, improve the functioning of a computer itself, apply the abstract idea with, or by use of, a particular machine (not a generic computer, not adding the words "apply it" or words equivalent to "apply the abstract idea", not mere instructions to implement an abstract idea on a computer, adding insignificant extra solution activity to the judicial exception, generally linking the user of the judicial exception to a particular technological environment or field of use), effects a transformation or reduction of a particular article to a different state or thing, or adds meaningful limitations that amount to more than generally linking the use of the abstract idea to a particular technological environment. Mere instructions to apply an exception using generic computer components cannot provide an inventive concept.
The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. The dependent claims fail to recite additional elements that would amount to a practical application or amount to significantly more than the judicial exception as discussed above. The dependent claims further describe the abstract idea.
The claims are not patent eligible.
Applicant’s arguments, pages 9-10, regarding claim interpretation under 35 U.S.C. 103 have been fully considered but are not persuasive.
Applicant argues that the reference Gordon fails to teach the profile information is identified in any manner. The Examiner is interpreting correspondence to be information related to the user and financial information linked to the user such as the verification code, the correlating factor, and the profile information. The correlating factor and the profile information includes a plurality of information that is interpreted as being corresponding to user profile information that is identified using the generated code. Applicant can amend the claims to provide more details of what the correlations are and how are they received, determined and so on. Merely reciting a correlation being identified is broad and is interpreted by the examiner as explained, which results in the claim being taught by Gordon. The claims should capture what the Applicant deems as their invention clearly and including technical details and aspects that answer the questions of how something is actually being carried out in a positive and detailed manner without any non-functional descriptive material, conditional language, and without language that includes functions carried out by entities outside the scope of the claims.
CLAIM INTERPRETATION
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “correspondence generation means for generating…,” “wherein the financial institution is configured to identify…,” “wherein the correspondence generation means is further for generating…,” and “wherein the financial institution is configured to identify…” in claims 1 and 23. Also, claims 14, and 24 recite “wherein the correspondence generation means is further for generating…,” and “a text-to- speech engine configured to convert…”
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1, 3-19, and 23-26 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Per claims 1, and 23, the claims recite “correspondence generation means for generating…,” and “a text-to- speech engine configured to convert…” The Specification fails to disclose the structure for the correspondence and the text-to-speech engine. No structure is found that would allow the limitations claimed to be carried out by the correspondence and the text-to-speech engine. All dependent claims are rejected under the same rational and for mere dependency on the rejected claims.
Per claims 1 and 23, the claims recite “wherein the financial institution is configured to identify the first correspondence based at least in part on the first secret code received from the first account holder.” The financial institution is the entity recited as, intended use, sending a first correspondence that includes a first secret code to a first account holder; first line of the first limitation after the preamble. Therefore, it is not known how the financial institution can identify the first correspondence based on the first secret code received rom the first account holder when the financial institution never received such secret code and the financial institution is apparently the one that already has the first secret code in its possession. In other words, the financial institution would be identifying something that is already in its possession without the account holder providing it, assuming the account holder provided it. Based on the above, it is not known how the limitation is to be carried out nor is there adequate support found in the Specification for at least the limitation at issue.
Claims 1 and 23 also recite similar language in the last lines of the second limitations “wherein the financial institution is configured to identify the second correspondence based at least in part on the second secret code received from the first account holder.” This limitation is rejected under the same rational as above. All dependent claims are rejected for mere dependency on the rejected claims.
Examiner notes that the claims should focus on a limitation-by-limitation approach to positively capture what occurs at each entity before reciting a following action to help expedite prosecution and potentially overcome the rejections.
Per claim 25, the claim recites “wherein the code database encrypts secret codes using at least 128-bit AES, and access to the database is restricted using employee authentication credentials.” It is not known how a database can encrypt secret codes. A database is just that, a storage means for storing information. A processor on the other hand can execute instructions to cause the processor to encrypt a code or specific code using specific instructions including a well settle encryption scheme. The specification fails to disclose how a database can carry out the limitation.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1, 3-19, and 23-26 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim limitation “correspondence generation means for generating…,” “wherein the financial institution is configured to identify…,” “wherein the correspondence generation means is further for generating…,” and “wherein the financial institution is configured to identify…” in claims 1 and 23. Also, claims 14, and 24 recite “wherein the correspondence generation means is further for generating…,” and “a text-to- speech engine configured to convert…” invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. No association between the structure and the function can be found in the specification. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1, 3-19, and 23-26 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claims 1, 3-19, and 23-26 fall within at least one of the four categories of patent eligible subject matter (process, machine, manufacture, or composition of matter).
Claims 1, 3-19, and 23-26 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea of identifying information or data based on received data without significantly more.
The abstract idea is categorized under mental processes, including concepts performed in the human mind such as observation, evaluation, judgement, opinion, and carrying out these concepts using pen and paper. The claims amount to merely generating data and generating additional data, wherein at best, an entity is able to or could identify the generated data using a table and performing a lookup or correspondence between the data. These functions can be carried out using a human mind and also with the aid of a pen-and-paper. The additional elements, as will be discussed later, merely automate the abstract idea. Furthermore, and under the broadest reasonable interpretation, the abstract idea is also characterized under certain methods of organizing human activity, including commercial interactions such as business relations. The relationship between the account hold, the account holder data sent/received and the financial institution generating data and identifying appropriate correspondence based on received data clearly capture a business relation between the entities as claimed. The identification of the data is to allow the user to be authenticated based on financial transaction settlement or financially dependent actions involving an account holder.
Claim 1, in pertinent part, recites:
A… correspondence identity verification system for verifying authenticity of enterprise-generated correspondence using… generated secret codes, comprising:
[a first entity];
a code database in communication with the… [first entity], the code database configured to store a first secret code and a second secret code; and
correspondence generation means in communication with the… [first entity], the correspondence generation means for generating a first correspondence to be sent from a financial institution to a first account holder, wherein the first correspondence comprises a first secret code, wherein the first secret code signifies a first identifying characteristic of the first correspondence, wherein the financial institution is configured to identify the first correspondence via the… [first entity] querying the code database based at least in part on the first secret code received from the first account holder,
wherein the correspondence generation means is further for generating a second correspondence sent from the financial institution to the first account holder, wherein the second correspondence comprises a second secret code, wherein the second secret code signifies a second identifying characteristic of the second correspondence, and wherein the financial institution is configured to identify the second correspondence via the… [first entity] querying the code database based at least in part on the second secret code received from the first account holder.
The judicial exception is not integrated into a practical application. The claims recite the following additional elements: computer-implemented correspondence identity verification system, machine-generated secret codes, processor, and a code database. The additional elements are recited at a high level of generality, wherein the claims merely amount to an abstract idea that is implemented using generic computers, performing generic computer functions such as generating data and analyzing the data. Each of the additional elements / limitations are no more than mere instructions to apply the exception using generic computer components or a generic device. Accordingly, even in combination, the additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements amount to merely instructions to apply the exception using generic computer components. The claim limitations do not improve another technology or technical field, improve the functioning of a computer itself, apply the abstract idea with, or by use of, a particular machine (not a generic computer, not adding the words "apply it" or words equivalent to "apply the abstract idea", not mere instructions to implement an abstract idea on a computer, adding insignificant extra solution activity to the judicial exception, generally linking the user of the judicial exception to a particular technological environment or field of use), effects a transformation or reduction of a particular article to a different state or thing, or adds meaningful limitations that amount to more than generally linking the use of the abstract idea to a particular technological environment. Mere instructions to apply an exception using generic computer components cannot provide an inventive concept.
The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. The dependent claims fail to recite additional elements that would amount to a practical application or amount to significantly more than the judicial exception as discussed above. The dependent claims further describe the abstract idea.
The claims are not patent eligible.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3-19, and 23-26 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication 2017/0346829 to Gordon et la. (Gordon), in view of U.S. Patent Application Publication 2016/0012465 to Sharp (Sharp).
Per claims 1 and 23, Gordon teaches all of the following limitations:
A computer-implemented correspondence identity verification system for verifying authenticity of enterprise-generated correspondence using machine- generated secret codes, comprising (using multi codes to authenticate a user) [Abstract, and Figure 1]:
a processor; a code database in communication with the processor, the code database configured to store a first secret code and a second secret code [Paragraphs 0075, 0081 and Claim 1]; and
correspondence generation means in communication with the processor, the correspondence generation means for generating a first correspondence to be sent from a financial institution to a first account holder, wherein the first correspondence comprises a first secret code, wherein the first secret code signifies a first identifying characteristic of the first correspondence, wherein the financial institution is configured to identify the first correspondence… based at least in part on the first secret code received from the first account holder (The identity system sends the verification code to the user out of band, such as to their phone or email account) [Paragraphs 0016-0017, 0054-0075],
wherein the correspondence generation means is further for generating a second correspondence sent from the financial institution to the first account holder, wherein the second correspondence comprises a second secret code, wherein the second secret code signifies a second identifying characteristic of the second correspondence, and wherein the financial institution is configured to identify the second correspondence… based at least in part on the second secret code received from the first account holder (in addition to the verification code being sent, the system sends a (The identity system also sends a correlating factor (such as a hash code created from the verification code and/or session identifier) to the local entity, which is stored at the local entity. Once the user enters the verification code, the verification code, correlating factor, and profile information are all sent to the identity system. The identity system can then verify that the verification code and the correlating factor match, and then provision the account, including storing the profile information at the identity system in such a way that the profile information is appropriately protected.) [Paragraphs 0016-0017, 0054-0075].
Gordon does not explicitly disclose:
Although Gordon teaches authenticating a user based on generation of codes and other data, Gordon does not explicitly disclose that the correspondences are identified “…via the processor querying the code database…”
Sharp teaches “…via the processor querying the code database…” (n some embodiments, information regarding transactions made in this manner may be recorded electronically on the mobile device, or may be handwritten in a paper ledger, without limitation. In some embodiments, the mobile device 96 may be configured to enable an individual representing the system to: look up redemption information 64 associated with a requested item, product, good, or service to be purchased and sent to a recipient; look up a recipient and/or sender 10 digit phone number; if necessary, create a new recipient account (e.g., create a new contact in a contacts list of the mobile device 96) from recipient information contained within a received message (e.g., an incoming request message to deliver redemption information 64 pertaining to funds, credits, one or more items, one or more products, one or more goods, and/or one or more services); look up and determine a credit balance of an account of the sender of an incoming request (e.g., an account associated with an electronic address used to send an incoming request); reduce the sender's account balance by an amount (e.g., an amount equivalent to, an amount approximately equivalent to, an amount more than, or an amount less than) associated with a monetary value of redemption information 64 to be sent to a recipient; adjust sender and/or recipient account balances for fees, applicable taxes, etc.; select from a list of “canned” redemption information 64 (e.g., contained within a database or file of redemption information 64 which may be used at a participating entity to obtain an item, product, good, or service in exchange for the redemption information); attach the appropriate respective redemption information 64 to an electronic communication (e.g., a voice message, an email, an SMS/MMS/mobile message/text message, a social media post, a mobile application submission, etc.) which is intended for the recipient; and/or send the electronic communication (e.g., electronic message) containing the attached appropriate respective redemption information 64, to the recipient, without limitation) [0979].
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Gordon, which teach user validation using user data and generated codes by a financial institution, to include the teachings of Sharp to explicitly disclose that the data is obtained or identified using a code database that is queried by the processor or the financial institution in motivation of utilizing the code for validation and not having to rely on receiving the code from another party since it’s stored locally.
Per claim 2, further comprising a code database in communication with the correspondence generation means, wherein the code data base stores the first secret code and the second secret code [Paragraphs 0016 and 0018].
Per claim 3, wherein only the financial institution has access to the code database [Paragraphs 0016 and 0018].
Per claim 4, Although Gordon teaches allowing a user to login to their accounts, Gordon does not explicitly disclose wherein access to the database is selectively granted using an employee authentication credential.
Sharp teaches wherein access to the database is selectively granted using an employee authentication credential [Paragraphs 0044, 0661, and 1057].
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Gordon, which teaches allowing a user to login to their account, to include the teachings of a customer representative or employee to gain access to a database in motivation of determining the account code information and validating user data. Examiner also notes that the employee authentication is not positively recited and focuses on a user instead of a entity of the system that is able to perform functions. furthermore, it is obvious to allow any person such as a user’s friend or family members access to the database if the user wishes for them to access the database. In other words, because Gordon teaches a user login to access user account information such as the codes, then it is obvious for any other person to obtain such data to access the database; there is no technical outcome from gaining access to the database.
Per claim 5, Gordon does not explicitly disclose wherein access to the database is selectively restricted using the employee authentication credential; however, Sharp teaches wherein access to the database is selectively restricted using the employee authentication credential[Paragraphs 0044, 0661, and 1057]..
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Gordon, which teaches allowing a user to login to their account, to include the teachings of a customer representative or employee to gain access to a database in motivation of determining the account code information and validating user data. Examiner also notes that the employee authentication is not positively recited and focuses on a user instead of a entity of the system that is able to perform functions. furthermore, it is obvious to allow any person such as a user’s friend or family members access to the database if the user wishes for them to access the database.
Per claim 6, wherein the correspondence generation means comprises a printer (send codes via email, sms, etc.) [Abstract, Paragraph 0001 and 0018].
Per claim 7, wherein the correspondence generation means comprises an email plant [Abstract, Paragraph 0001 and 0018-0023].
Per claim 8, wherein the correspondence generation means comprises an automated phone system [Abstract, Paragraph 0001 and 0018-0023].
Per claim 9, wherein the first identifying characteristic comprises a type of correspondence [Paragraphs 0016-0017, 0054-0075].
Per claim 10, wherein the first identifying characteristic comprises a communication form [Paragraphs 0016-0017, 0054-0075].
Per claim 11, wherein the first secret code is unique to the first account holder [Paragraphs 0016-0017, 0054-0075].
Per claim 12, wherein the first secret code is unique to the first identifying characteristic [Paragraphs 0016-0017, 0054-0075].
Per claim 13, wherein the first identifying characteristic is different than the second identifying characteristic, and wherein the first secret code is different than the second secret code [Paragraphs 0016-0017, 0054-0075].
Per claim 14, wherein the correspondence generation means is further for generating a third correspondence to be sent from the financial institution to the first account holder, wherein the third correspondence comprises a third secret code, wherein the third secret code signifies a third identifying characteristic of the third correspondence, wherein the third identifying characteristic is the same as the first identifying characteristic, wherein the first secret code is the same as the third secret code, and wherein the second secret code is different than the third secret code [Paragraphs 0016-0017, 0054-0075]. Examiner also notes that the above limitation amounts to mere duplication of parts; In re Harza, 124 USPQ 378 (CCPA 1960).
Per claim 15, wherein the first secret code is reproduced on all correspondence sent from the financial institution to the first account holder comprising the first identifying characteristic [Paragraphs 0016-0017, 0054-0075].
Per claim 16, wherein the first secret code comprises: a first portion selectively-generated by the financial institution; and a second portion selectively-generated by the first account holder [Paragraphs 0016-0017, 0054-0075].
Per claim 17, wherein the first secret code comprises alphanumeric characters [Paragraphs 0016-0017, 0054-0075].
Per claim 18, Gordon does not explicitly disclose wherein the first secret code comprises a quick response (“QR”) code.
Sharp teaches wherein the first secret code comprises a quick response (“QR”) code [0919].
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Gordon, which teaches providing multiple authentication codes to a user and validating the user, to include the teachings of Sharp to explicitly disclose that the codes provides can be sent to the user in a form of a QR code to facility or provide another means for communicating the code back and forth for validation.
Per claim 19, Gordon does not explicitly disclose wherein the first secret code comprises a near field communication (“NFC”) tag.
Sharp teaches wherein the first secret code comprises a near field communication (“NFC”) tag [1285, 1315.
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Gordon, which teaches sending a user a code via multiple means of communication, to send the code to the user via near-field communication in motivation of enhancing code authentication and communication.
Per claim 24, Gordon does not explicitly disclose wherein the automated phone system comprises a text-to-speech engine configured to convert the secret code into synthesized speech for delivery via an audio phone message.
Sharp teaches wherein the automated phone system comprises a text-to-speech engine configured to convert the secret code into synthesized speech for delivery via an audio phone message [Paragraphs 0647].
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Gordon, which teaches sending a user a code via multiple means of communication, to utilize a text to speed ability to read and validate the code in motivation of optimizing code verification.
Per claim 25, Gordon teaches using encryption to encrypt the codes but does not explicitly disclose wherein the code database encrypts secret codes using at least 128-bit advanced encryption standard (“AES”), and access to the database is restricted using employee authentication credentials [Paragraph 0036].
Sharp teaches wherein the code database encrypts secret codes using at least 128-bit AES, and access to the database is restricted using employee authentication credentials [Paragraphs 0691, and 0946].
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the teachings of Gordon, which teaches sending a user a code via multiple means of communication in an encrypted manner, to include the teachings of Sharp to explicitly disclose using AES encryption in motivation of establishing the type of cryptographic method for encrypting the codes. It is obvious to encrypt data in any manner using any cryptographic method.
Per claim 26, wherein the first identifying characteristic comprises a time period during which the first correspondence is transmitted, and the first secret code is assigned based at least in part on the time period [Paragraphs 0029, 0034-0036].
References
The following additional reference teaches most of Applicant’s claimed scope. International Publication WO 2020/128203 to Moncomble teaches a method for securing operations comprises a step (F30) in which a user (U) requests that a service provider device (20) perform an an operation, the service provider device transmitting (F40) to a certification device (30) a request to validate the requested operation while indicating a key (CL) associated with the user (U). The certification device (30) identifies the user associated with the key (CL) and transmits (F60) a dynamic code request to the user. A device (12) that generates dynamic codes assigned to the user generates (F70) a first version (CC1) of the dynamic code and transmits (F80) it to the certification device (30), which compares (F90) it with a second version (CC2) of the code in order to decide whether it would or would not be appropriate to inform the service provider device that the requested operation has been validated.
The invention therefore provides a process for securing operations, comprising:
- a step of formulating a request, by a user (U) associated with a key (CL) issued by a certification body, for the implementation of an operation with a service provider device;
a step of reception, by a user station, of a request for a dynamic code, intended for the user associated with the key (CL), from a device of the certification body;
- a generation step, by a dynamic code generator device associated with the user key, of a first version (CC1) of the dynamic code;
- a step of transmitting the first version (CC1) of the dynamic code to the certification device; and
a step of receiving, from the service provider device, a message confirming the completion of the requested operation, provided that the first version of the dynamic code corresponds to a second version of the dynamic code generated at the level of the certification body.
Correlatively, the invention also relates to a user station comprising:
- a user interface configured to allow a user (U) associated with a key (CL) issued by a certification body to formulate a request for the implementation of an operation with a service provider device;
- a first reception module intended to receive a request for a dynamic code, intended for the user associated with the key (CL), from a device of the certification body;
- a transmission module to the device for certifying codes produced by a dynamic code generator device associated with the user's key (CL); and - a second reception module intended to receive, from the service provider device, a message confirming the completion of the requested operation.
The invention also provides a global method for securing operations, the method for securing operations comprising:
- a request step, by a user, for the implementation of an operation with a service provider device;
- a step of transmission by the service provider device to a certification device of a request for validation of the requested operation, said request indicating a key (CL) associated with the user;
- a step of issuing a dynamic code request, intended for the user associated with the key (CL), from the certification device;
a step of generation, by a device generating dynamic codes of the user, of a first version (CC1) of the dynamic code;
- a step of transmitting the first version (CC1) of the dynamic code to the certification device;
- a step of acquiring a second version (CC2) of the dynamic code and of comparing the first and second versions of the dynamic code by the certification apparatus; and
- provided that the first and second versions (CC1, CC2) of the dynamic code correspond, a step of transmission by the certification apparatus to the apparatus of the service provider of a signal indicating the validation of the operation requested by the user.
Correlatively, the invention also relates to a system for securing operations, this system for securing operations comprising a service provider apparatus and a certification apparatus, in which:
the service provider device includes: - a module for receiving a request, by a user (U), for implementing an operation, a module for transmitting to the certification apparatus a request for validation of the requested operation, said request indicating a key (CL) associated with the user, and
a module for implementing the requested operation following the reception of a validation signal from the certification apparatus; and
the certification system includes:
- a module for issuing a dynamic code request, intended for a dynamic code generator device assigned to the user associated with said key (CL),
- a module for receiving a first version (CC1) of the dynamic code generated by the dynamic code generator device assigned to the user associated with said key (CL),
- a module for acquiring a second version (CC2) of the dynamic code,
a module for comparing the first and second versions (CC1, CC2) of the dynamic code, and
a module for transmitting a validation signal to the apparatus (20) of the service provider when the first and second versions (CC1, CC2) of the dynamic code match.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on for PTO-892.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EL MEHDI OUSSIR whose telephone number is (571)270-0191. The examiner can normally be reached M-F 9AM - 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NEHA PATEL can be reached on 571-270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Sincerely,
/EL MEHDI OUSSIR/Primary Examiner, Art Unit 3699